By rssfeeds-admin 
The flaw, discovered by Ledger’s Donjon security research team, highlights serious risks for millions of Android devices powered by the affected chip.
class="wp-block-heading" id="hardware-level-boot-rom-vulnerability">Hardware-Level Boot ROM Vulnerability
The vulnerability resides in the Boot ROM of the MediaTek Dimensity 7300 chipset, also known as MT6878.
Boot ROM is the first code executed when a device powers on and operates at the highest hardware privilege level, known as EL3, before the Android operating system begins loading.
Because Boot ROM code is permanently embedded into the processor’s silicon during manufacturing, vulnerabilities at this level cannot be fully fixed with traditional software patches.
Instead, vendors can only implement mitigations that reduce the chances of successful exploitation.
Ledger researchers determined that attackers could exploit the flaw using a technique known as Electromagnetic Fault Injection (EMFI).
This attack method involves sending carefully timed electromagnetic pulses to the processor during the boot process to disrupt its execution flow.
By repeatedly rebooting the device while injecting electromagnetic faults, attackers can manipulate the Boot ROM’s behavior.
When successful, the process allows the attacker to bypass security controls and gain arbitrary code execution with the highest possible hardware privileges.
Proof-of-Concept Attack
Ledger demonstrated the vulnerability using a Nothing CMF Phone 1 connected to a laptop through a USB cable.
During testing, the researchers successfully breached the device’s foundational security layer within approximately 45 seconds.
Once access was achieved, the team was able to:
- Recover the device’s lock screen PIN
- Decrypt on-device storage
- Extract cryptocurrency wallet seed phrases
The attack specifically targeted phones using the MediaTek Dimensity 7300 chipset combined with the Trustonic Trusted Execution Environment (TEE).
This configuration is used to isolate sensitive operations such as encryption, authentication, and key storage.
Although each fault injection attempt has a relatively low success rate, the process can be automated.
Attackers can continuously repeat the process until the fault injection works, making the attack practical under the right conditions.
During testing, researchers successfully extracted sensitive data from several popular cryptocurrency wallet applications, including:
- Trust Wallet
- Kraken Wallet
- Phantom
- Base
- Rabby
- Tangem Mobile Wallet
This demonstrates that sensitive crypto wallet data stored on affected smartphones may be exposed if attackers gain physical access to the device.
The vulnerability could potentially affect a significant portion of Android devices using the MediaTek Dimensity 7300 processor. MediaTek-powered chipsets are widely used in mid-range and budget smartphones.
Brands that have released devices using the affected chipset include:
- Realme
- Motorola
- Oppo
- Vivo
- Nothing
- Tecno
The Solana Seeker smartphone, designed specifically for cryptocurrency use cases, also uses the same processor.
After Ledger responsibly disclosed the vulnerability in 2025, MediaTek released a security patch in January 2026 and notified affected device manufacturers.
However, because the issue stems from the Boot ROM hardware design, the update only mitigates certain attack pathways rather than eliminating the flaw.
MediaTek has previously indicated that advanced techniques such as EMFI are considered outside the normal threat model for consumer devices.
Ledger CTO Charles Guillemet emphasized that smartphones should not be treated as secure vaults for sensitive digital assets.
While users should apply available security updates, he recommends storing cryptocurrency private keys and seed phrases in dedicated hardware wallets designed with specialized security protections.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post Critical MediaTek Flaw Allows Attackers to Extract Android PINs in Under a Minute appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.